Quota Management for Remote Shells

Quota management allows users to manage system resources more efficiently. Windows Remote Management (WinRM) has added a specific set of quotas that provide a better quality of service, help prevent denial of service issues, and allocate server resources to concurrent users. The WinRM quota set is based on the quota infrastructure that is implemented for the Internet Information Services (IIS) service.

Implementing quotas will help to prevent performance degradation and denial of service issues by doing the following:

  • Limiting the number of shells and shell processes that a user can create
  • Limiting the maximum number of concurrent users
  • Managing the amount of memory that is allocated to a shell
  • Setting a time-out for shells that are inactive

Quota Settings

The following quotas need to be enforced for remote shell management. These quotas can be configured through the winrm utility or through Group Policy settings. Settings configured by a Group Policy supersede the quotas set by the winrm utility. For more information about setting Group Policies for WinRM, see Installation and Configuration for Windows Remote Management.

QuotaDescription

IdleTimeout

The maximum time in milliseconds before an inactive remote shell is deleted. The default is 180000 milliseconds. The minimum time is 1000 milliseconds.

MaxProcessesPerShell

The maximum number of processes allowed per shell, including the shell's child processes. The default is 15.

MaxMemoryPerShellMB

The maximum amount of memory allocated per shell, including the shell's child processes. The default is 150 MB.

Note  The behavior is unsupported if the MaxMemoryPerShellMB is set to a value that is less than the default.

MaxShellsPerUser

The maximum number of shells per user. The default is 5.

MaxConcurrentUsers

The maximum number of concurrent users who can open shells. The default is 5.

 

Deprecated Quotas

WinRM 2.0 sets the MaxShellRunTime quota to read-only. Changing the value for this quota will have no effect on the remote shells.

Retrieving Quota Configuration Information

To check the quota configuration settings, type winrm get winrm/config.

The following snippet is a text-based example of a WinRM configuration with the default quota settings.


Config

          .         

          .

          .

          Winrs

                   AllowRemoteShellAccess = true

                   IdleTimeout = 180000

                   MaxConcurrentUsers = 5

                   MaxProcessesPerShell = 5

                   MaxMemoryPerShellMB = 150

                   MaxShellsPerUser = 5

Configuring Shell Quotas

Quotas can be set manually or through a Group Policy setting. For more information about setting Group Policies, see Configuring WinRM with Group Policy.

To set a quota manually, type winrm set winrm/config/winrs '@{<Quota>="<Value>"}'. For example, to increase the maximum number of shells per user from 5 to 7, type winrm set winrm/config/winrs '@{MaxShellsPerUser="7"}'.

 

 

Show:
© 2014 Microsoft